var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
var cors = require('cors'); //跨域

var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
var loginRouter = require('./routes/login');
var regRouter = require('./routes/reg')

var app = express();

// cookie
app.use(cookieParser('abcd1234'));  // 秘钥

// 跨域设置
// app.use(cors({
// 	origin: ['http://localhost:8080'], //允许这个域访问
// 	methods: ['GET', 'POST', 'PATCH','PUT'], // 只允许 GET / POST / PATCH / PUT 请求
// 	alloweHeaders: ['Content-Type', 'Authorization'] //只允许带这两种请求头的的访问
// }))
app.use('*',function (req, res, next) {
    let ogn = req.headers.origin;  // 获取访问的域名, 跨域设置cookie必须指定域名

    // res.header('Access-Control-Allow-Origin', '*'); // * 表示任意域名都可以访问，这样写不能携带cookie了。
    // res.header('Access-Control-Allow-Origin', 'http://www.baidu.com'); //这样写，只有www.baidu.com 可以访问，且可以携带cookie
    res.header('Access-Control-Allow-Origin', ogn===undefined?'*':ogn); // 动态指定允许跨域的域名
    res.header('Access-Control-Allow-Credentials', true); // 跨域携带cookie需要设置
    res.header('Access-Control-Allow-Headers', 'Content-Type, Content-Length, Authorization, Accept, X-Requested-With , yourHeaderFeild');
    res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');//设置方法
    if (req.method == 'OPTIONS') {
        res.send(200); // 意思是，在正常的请求之前，会发送一个验证，是否可以请求。
    }
    else {
        next();
    }
});


// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

app.use('/', indexRouter);
app.use('/users', usersRouter);
app.use('/login', loginRouter);
app.use('/reg', regRouter);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  next(createError(404));
});

// error handler
app.use(function(err, req, res, next) {
  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});

module.exports = app;
